Loopback causing blacklisted ont

  • Thread starter: orrville
Not necessarily PPPoE broadcasts, I said that as an example. Thinking more about this, it might be due to pkts with Hathway IP as source address being sent to BSNL? Loopback is (from what I understand) when the server gets pkts, which it itself sent, back. With some generalisation, also used to mean getting pkts with impossible addresses - say for e.g. BSNL doesn't expect to get any pkts from public IPs on their customer-facing ports, i.e. from you; but if somehow pkts from the Hathway interface are routed by r600vpn to BSNL, it might trigger blocking.

so some things to check maybe
  • does it work with bsnl alone? no hathway in picture?
  • switching ports as suggested by @jayanta525
  • why do you need bridge mode? configure the BSNL GPON with username, pw etc. and have it run DHCP on its LAN interface. config r600vpn's WAN port to get a dynamic IP from that BSNL GPON (the same way you've configured Hathway)
  • VLAN page and routing page settings would also be helpful (you can just paste text, or to post an image, maybe put it on Dropbox/gdrive and paste the link here?)

(since you might again get blocked, maybe you could remove the BSNL GPON WAN connection while testing)
 
why do you need bridge mode? configure the bsnl GPON with username,pw etc and have it run dhcp on its lan interface. config r600vpn's wan port to get a dynamic ip from that bsnl GPON
@hemant, double NAT, on top of CGNAT is a bad idea.
 
Here are the images:
VLAN: port 1 is BSNL, 2 Hathway and rest are LAN.

Routing table:

I have masked the public IP.
@hemant it is difficult to say what will work or not, since it takes about 1 month or so to get blocked.
As @jayanta525 said, to avoid double NAT, using it in bridge mode.

still to try swapping wan ports, will do after you guys review these settings.
 
@orrville Remove any untagged or tagged VLAN on that particular interface but keep the BSNL VLAN as tagged.

If it's not already untagged by ONT in bridge mode.

In your case, remove vlan10 and vlan336 from port 1.
 
Done!
would like to understand why would that be a problem since they are not used anywhere else, if you can explain please?
 
From your config, it seems that VLAN436 is your LAN.

(assume) if you untag vlan436 on port 1, the traffic will be converted to vlan1, which is the default VLAN (or no VLAN, or plain traffic), and any user connected to that interface will be able to access your LAN zone, which in this case, is the OLT. If the OLT is not configured to discard packets, your LAN can be accessed by any users on that OLT (and they will also receive DHCP offers from your router).

This was the case for vlan436, similarly, your router might be running services on vlan10 or vlan336 or broadcasting ARP, or a DHCP server, which is received by the OLT.
 
Thanks!
Looks like broadcast transmitted packets have gone down to 0. The received packets, I assume, are from ISP respectively.

Should the VLAN be tagged or untagged?
 
There are ways of doing it:

(I will assume VLANs here, as you have not specified which VLAN your LCO uses)

- BSNL PPPoE servers are reachable over a specific VLAN. To authenticate, if you're using the ONT in router mode, you will have to set the PPPoE credentials as well as the vlan-id on the configuration page at the ONT.

- If you're using bridge mode, but have set the BSNL VLAN to be untagged on the ETH port of the ONT (or bind), you don't need to use a tagged VLAN on your R600, but specify a distinct untagged VLAN, for the router to distinguish traffic from this interface.

- If you're using bridge mode, but have NOT set the BSNL VLAN to be untagged on the ETH port of the ONT, you will need to use that particular VLAN used by BSNL and set it as tagged on that interface of your router.


Please note:
[1]. Some ONTs reset on reboot, i.e. the OLT resets their configuration.
[2]. Some ONTs (I had issues with Syrotech) don't forward VLAN traffic.
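
The port 1 cleanup and the tagged/untagged rules discussed in this thread can be checked mechanically. The following is an added example, not code from any poster or from the router's firmware: it audits a VLAN membership table for local VLANs that are members of an ISP-facing port. The table format, the function names and the ISP VLAN IDs 1000 and 20 are assumptions; VLANs 10, 336 and 436 are the ones named in the thread.

```python
# Constructed sample: port 1 = BSNL, port 2 = Hathway, ports 3-5 = LAN.
# VLANs 10, 336 and 436 are named in the thread; 1000 and 20 are placeholder
# ISP VLAN IDs, and the tagged/untagged modes shown are assumed.
SAMPLE_TABLE = """
# vlan_id  name      port:mode ...
1000       bsnl_wan  1:tagged
20         hathway   2:untagged
10         vlan10    1:untagged 3:untagged
336        vlan336   1:tagged
436        lan       3:untagged 4:untagged 5:untagged
"""
# ISP-facing port -> (VLAN the ISP expects there, expected mode); assumed values.
WAN_PORTS = {1: (1000, "tagged"), 2: (20, "untagged")}


def parse_table(text):
    """Return {vlan_id: {port: mode}} from lines of 'vlan_id name port:mode ...'."""
    vlans = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        vlan_id, _name, *members = line.split()
        ports = {}
        for member in members:
            port, mode = member.split(":")
            if mode not in ("tagged", "untagged"):
                raise ValueError(f"bad mode {mode!r} in VLAN {vlan_id}")
            ports[int(port)] = mode
        vlans[int(vlan_id)] = ports
    return vlans


def audit_wan_ports(vlans, wan_ports):
    """Return (port, vlan_id, message) for every problem on an ISP-facing port."""
    findings = []
    for port, (want_vlan, want_mode) in sorted(wan_ports.items()):
        got = vlans.get(want_vlan, {}).get(port)
        if got != want_mode:
            findings.append((port, want_vlan, f"ISP VLAN is {got or 'absent'}, expected {want_mode}"))
        for vlan_id, ports in sorted(vlans.items()):
            if vlan_id != want_vlan and port in ports:
                # Broadcasts, ARP and DHCP offers of this VLAN reach the OLT.
                how = "as plain frames" if ports[port] == "untagged" else "tagged"
                findings.append((port, vlan_id, f"local VLAN egresses {how} towards the ISP"))
    return findings


if __name__ == "__main__":
    for port, vlan_id, msg in audit_wan_ports(parse_table(SAMPLE_TABLE), WAN_PORTS):
        print(f"port {port} vlan {vlan_id}: {msg}")
```
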